ISE device policy sets default condition updated to assign different shell profiles based on group membership.

The Avi Vantage TACACS+ auth profile should be configured with the same shared secret that was assigned to the device in ISE. The “service” attribute is generally required for authorization. In the case of an ACS server, service=shell is required for user authorization; while in the case of an ISE server, service=shell is known to cause authorization failure.

Avi Vantage TACACS+ authorization role and tenant mapping configured to assign different roles based on TACACS+ attribute value

Shrubbery TAC_PLUS

TAC_PLUS server is a much simpler alternative to ISE/ACS. This is mostly relevant in development or testing environments. Conceptually, users are assigned to groups and groups have request and response attributes.

Avi Vantage TACACS+ auth profile is configured the same way as that for ISE or ACS.